函数Native化的Android APP加固方法

Yan Yan Song; Sen Lin Luo; Hai Shang; Li Min Pan; Ji Zhang

doi:10.3785/j.issn.1008-973X.2019.03.017

函数Native化的Android APP加固方法

Yan Yan Song, Sen Lin Luo, Hai Shang, Li Min Pan^*, Ji Zhang

^*此作品的通讯作者

Beijing Institute of Technology

科研成果: 期刊稿件 › 文章 › 同行评审

3 引用（Scopus）

摘要

The logic of dynamic recovery attack and the function call execution flow in Android APP was investigated. The original DEX file was reconstructed and encrypted; its key Java function attribute was changed to Native, and the shell DEX file was added. When the Android APP was started, the shell DEX file was executed first, and then the original DEX was decrypted and loaded dynamically. When the protected function was called, the Native property of the function in memory was maintained, and the original Java function was implicitly restored and executed by the Hook technique and the reflection mechanism. The experimental results show that the method obtains high level of protection without Source decompilation at lower resource losses, and can effectively resist static analysis attacks, DEX dynamic recovery and dynamic shelling attacks.

投稿的翻译标题	Android APP reinforcement method with function Nativeization
源语言	繁体中文
页（从-至）	555-562
页数	8
期刊	Zhejiang Daxue Xuebao (Gongxue Ban)/Journal of Zhejiang University (Engineering Science)
卷	53
期	3
DOI	https://doi.org/10.3785/j.issn.1008-973X.2019.03.017
出版状态	已出版 - 3月 2019

关键词

APP reinforcement
Android System
Dynamic loading
Function-Nativezation
Hook technology

访问文件

10.3785/j.issn.1008-973X.2019.03.017

其它文件与链接

链接到 Scopus 的出版物

引用此

@article{8dbc16b4df424a0a946d4c87db9634e3,

title = "函数Native化的Android APP加固方法",

abstract = "The logic of dynamic recovery attack and the function call execution flow in Android APP was investigated. The original DEX file was reconstructed and encrypted; its key Java function attribute was changed to Native, and the shell DEX file was added. When the Android APP was started, the shell DEX file was executed first, and then the original DEX was decrypted and loaded dynamically. When the protected function was called, the Native property of the function in memory was maintained, and the original Java function was implicitly restored and executed by the Hook technique and the reflection mechanism. The experimental results show that the method obtains high level of protection without Source decompilation at lower resource losses, and can effectively resist static analysis attacks, DEX dynamic recovery and dynamic shelling attacks.",

keywords = "APP reinforcement, Android System, Dynamic loading, Function-Nativezation, Hook technology",

author = "Song, {Yan Yan} and Luo, {Sen Lin} and Hai Shang and Pan, {Li Min} and Ji Zhang",

year = "2019",

month = mar,

doi = "10.3785/j.issn.1008-973X.2019.03.017",

language = "繁体中文",

volume = "53",

pages = "555--562",

journal = "Zhejiang Daxue Xuebao (Gongxue Ban)/Journal of Zhejiang University (Engineering Science)",

issn = "1008-973X",

publisher = "Zhejiang University Press",

number = "3",

}

TY - JOUR

T1 - 函数Native化的Android APP加固方法

AU - Song, Yan Yan

AU - Luo, Sen Lin

AU - Shang, Hai

AU - Pan, Li Min

AU - Zhang, Ji

PY - 2019/3

Y1 - 2019/3

N2 - The logic of dynamic recovery attack and the function call execution flow in Android APP was investigated. The original DEX file was reconstructed and encrypted; its key Java function attribute was changed to Native, and the shell DEX file was added. When the Android APP was started, the shell DEX file was executed first, and then the original DEX was decrypted and loaded dynamically. When the protected function was called, the Native property of the function in memory was maintained, and the original Java function was implicitly restored and executed by the Hook technique and the reflection mechanism. The experimental results show that the method obtains high level of protection without Source decompilation at lower resource losses, and can effectively resist static analysis attacks, DEX dynamic recovery and dynamic shelling attacks.

AB - The logic of dynamic recovery attack and the function call execution flow in Android APP was investigated. The original DEX file was reconstructed and encrypted; its key Java function attribute was changed to Native, and the shell DEX file was added. When the Android APP was started, the shell DEX file was executed first, and then the original DEX was decrypted and loaded dynamically. When the protected function was called, the Native property of the function in memory was maintained, and the original Java function was implicitly restored and executed by the Hook technique and the reflection mechanism. The experimental results show that the method obtains high level of protection without Source decompilation at lower resource losses, and can effectively resist static analysis attacks, DEX dynamic recovery and dynamic shelling attacks.

KW - APP reinforcement

KW - Android System

KW - Dynamic loading

KW - Function-Nativezation

KW - Hook technology

UR - http://www.scopus.com/inward/record.url?scp=85066424438&partnerID=8YFLogxK

U2 - 10.3785/j.issn.1008-973X.2019.03.017

DO - 10.3785/j.issn.1008-973X.2019.03.017

M3 - 文章

AN - SCOPUS:85066424438

SN - 1008-973X

VL - 53

SP - 555

EP - 562

JO - Zhejiang Daxue Xuebao (Gongxue Ban)/Journal of Zhejiang University (Engineering Science)

JF - Zhejiang Daxue Xuebao (Gongxue Ban)/Journal of Zhejiang University (Engineering Science)

IS - 3

ER -

函数Native化的Android APP加固方法

摘要

关键词

访问文件

其它文件与链接

指纹

引用此